After catching a reverse shell with nc in CTF-style challenges, you generally need to fix the TTY (in short, how the terminal works). Without fixing it you run into numerous problems, the most obvious being that command-line programs cannot accept input on a separate line, so there is no typing in a password for sudo. Obviously a major issue!
The most common method I use is Python, either python or python3 depending on how old the system is. The syntax for this is:
python -c "import pty; pty.spawn('/bin/bash');"
Or simply add a 3 for python3:
python3 -c "import pty; pty.spawn('/bin/bash');"
Most boxes generally have one or the other, so you're set from there. The issue comes when you get a shell inside a container that lacks python. I recently came across this scenario and discovered script.
To quote the script man page:
script makes a typescript of everything on your terminal session.
In short, it saves everything in your session to a log file. It turns out that with a few parameters you can use it to fix your TTY. script runs its command under a new pseudo-terminal, so you run bash as the command (-c), quietly (-q), and set the log file to /dev/null so nothing is saved. In code form:
script -qc bash /dev/null
In the following screenshot I realize that there's no python or python3, realize that script and bash exist, and use script to run bash to get a fixed TTY inside a container.
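From the defender's side, both upgrades leave a recognisable process command line. The sketch below is an added example, not part of the original post: it flags the python/python3 pty.spawn one-liner and the script form that runs a shell with /dev/null as the log file, but only when the calling process has no terminal. The sample records, the rule names and the `(none)` marker for "no TTY" are assumptions made for illustration.

```python
import os
import shlex

SHELLS = {"sh", "bash", "dash", "zsh"}

# Constructed sample records: (tty of the calling process, command line).
SAMPLE_EVENTS = [
    ("(none)", "python -c \"import pty; pty.spawn('/bin/bash');\""),
    ("(none)", "python3 -c \"import pty; pty.spawn('/bin/bash');\""),
    ("(none)", "script -qc bash /dev/null"),
    ("pts0", "script -qc bash /dev/null"),              # typed at a real terminal
    ("(none)", "script -q -c 'make test' build.log"),   # genuine logging use
    ("(none)", "python3 -c \"print('ok')\""),
]

def python_pty_spawn(argv):
    """python -c code that imports pty and calls pty.spawn()."""
    if "-c" not in argv[1:-1]:
        return False
    code = argv[argv.index("-c", 1) + 1]
    return "import pty" in code and "pty.spawn(" in code

def script_shell_to_devnull(argv):
    """script running a shell via -c/--command with /dev/null as the log file."""
    command, files, i = "", [], 1
    while i < len(argv):
        arg = argv[i]
        bundled = arg.startswith("-") and not arg.startswith("--") and arg.endswith("c")
        if bundled or arg == "--command":
            i += 1  # the next argument is the command to run
            command = argv[i] if i < len(argv) else ""
        elif not arg.startswith("-"):
            files.append(arg)
        i += 1
    words = command.split()
    return bool(words) and os.path.basename(words[0]) in SHELLS and "/dev/null" in files

def classify(tty, cmdline):
    """Return a rule name when a TTY-less process runs one of the two upgrades."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in the logged command line
        return None
    if tty != "(none)" or not argv:
        return None
    prog = os.path.basename(argv[0])
    if prog.startswith("python") and python_pty_spawn(argv):
        return "python-pty-spawn"
    if prog == "script" and script_shell_to_devnull(argv):
        return "script-shell-devnull"
    return None
```

Matching on the command line alone is easy to sidestep, so treat a hit as a lead to correlate with the parent process and network activity rather than as a verdict.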